Explore a cutting-edge security presentation from USENIX ATC '23 that delves into a novel method for bypassing kernel isolation techniques in Linux. Learn about EPF (Evil Packet Filter), which exploits the BPF infrastructure to mount privilege escalation attacks on both 32- and 64-bit x86 platforms. Discover two EPF instances, BPF-Reuse and BPF-ROP, and understand their implications for kernel security. Gain insights into the researchers' proposed defenses that enforce isolation between BPF instructions and benign kernel data, as well as maintain BPF program execution integrity. Understand how these protective measures effectively counter EPF-based attacks while incurring minimal overhead. This 20-minute talk by researchers from Brown University offers valuable knowledge for cybersecurity professionals, system administrators, and anyone interested in advanced OS kernel security strategies.